CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVE-2025-3910 Org.keycloak.authentication: two factor authentication bypass

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication...

PT-2025-18208 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak, specifically in the org.keycloak.authorization package, which may be vulnerable to circumventing required actions. This allows users to bypass requirements su...

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

CVE-2022-36249 Shop Beat Services Vulnerable To Bypass 2FA via APIs

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...

Vulnerability to bypass two-factor authentication with remember-me option

Bundle version: 4.10.0 Symfony version: 3.4.31 Description Bypass 2fa by rememberme cookie To Reproduce We have a login form with rememberme checkbox functionality, When using the checkbox, symfony creates a cookie "REMEMBERME". That moment we get redirected to the 2fa-auth page. We have no acces...